Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-2730

Description

PsTools versions before 2.05 do not properly disconnect from remote IPC$ and ADMIN$ shares, allowing local users to retain elevated access via existing share mappings.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

PsTools versions before 2.05 do not properly disconnect from remote IPC$ and ADMIN$ shares, allowing local users to retain elevated access via existing share mappings.

Vulnerability

Sysinternals PsTools before version 2.05, including PsExec before 1.54, PsGetsid before 1.41, PsInfo before 1.61, PsKill before 1.03, PsList before 1.26, PsLoglist before 2.51, PsPasswd before 1.21, PsService before 2.12, PsSuspend before 1.05, and PsShutdown before 2.32, does not properly disconnect from remote IPC$ and ADMIN$ shares after use [1]. This leaves the share mappings active.

Exploitation

An attacker with local access to a system where these tools have been used can leverage the lingering share mappings. No additional authentication or network position is required, as the share connections were established during prior legitimate use [1]. The attacker can access the previously connected remote shares (IPC$ and ADMIN$) with the same privileges as the original user.

Impact

Successful exploitation allows a local user to access remote IPC$ and ADMIN$ shares with elevated privileges that were originally used by the tool [1]. This could lead to unauthorized information disclosure or further compromise of the remote system if the original session had administrative rights.

Mitigation

Upgrade to PsTools version 2.05 or later, which includes updated versions of all affected tools that properly disconnect from remote shares after use [1]. No workaround is documented in the available references.

References

About Secunia Research | Flexera

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Microsoft/Psexec2 versions
cpe:2.3:a:microsoft:psexec:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:psexec:*:*:*:*:*:*:*:*range: <=1.53
- (no CPE)range: <1.54
Microsoft/Psgetsid
cpe:2.3:a:microsoft:psgetsid:*:*:*:*:*:*:*:*
Range: <=1.40
Microsoft/Psinfo
cpe:2.3:a:microsoft:psinfo:*:*:*:*:*:*:*:*
Range: <=1.60
Microsoft/Pskill
cpe:2.3:a:microsoft:pskill:*:*:*:*:*:*:*:*
Range: <=1.02
Microsoft/Pslist
cpe:2.3:a:microsoft:pslist:*:*:*:*:*:*:*:*
Range: <=1.25
Microsoft/Psloglist
cpe:2.3:a:microsoft:psloglist:*:*:*:*:*:*:*:*
Range: <=2.50
Microsoft/Pspasswd
cpe:2.3:a:microsoft:pspasswd:*:*:*:*:*:*:*:*
Range: <=1.20
Microsoft/Psservice
cpe:2.3:a:microsoft:psservice:*:*:*:*:*:*:*:*
Range: <=2.11
Microsoft/Psshutdown
cpe:2.3:a:microsoft:psshutdown:*:*:*:*:*:*:*:*
Range: <=2.31
Microsoft/Pssuspend
cpe:2.3:a:microsoft:pssuspend:*:*:*:*:*:*:*:*
Range: <=1.04
Microsoft/Sysinternals Pstools
cpe:2.3:a:microsoft:sysinternals_pstools:*:*:*:*:*:*:*:*
Range: <=2.04
Sysinternals/PsToolsllm-create
Range: <2.05

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/10759nvdPatch
secunia.com/advisories/12108nvdVendor Advisory
securitytracker.com/idnvd
www.osvdb.org/8140nvd
www3.ca.com/securityadvisor/vulninfo/vuln.aspxnvd
exchange.xforce.ibmcloud.com/vulnerabilities/16743nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000